Bill, thanks for summing up the essence of viewpoints here and keeping the conversation going forward. At the end of the day, I think consumers would be well served if we as a nation drafted the equivalent of a digital Bill of Rights, that would among other things: allow citizens to 1) be able to search and view the data being captured about them, and 2) have the right to correct or remedy incorrect information about them.

Thanks very much to everyone who commented. Each of you made trenchant observations. "Privacy is a thankless debate," an observation of Thomas Claburn, certainly rings true in the case of the privacy issues related to technology facing lawmakers.

I believe Internet founding father Vint Cerf's Nov. 20 remark at the FTC's "Internet of Things" event that "privacy may actually be an anomaly" and that people should not consider privacy a given in the age of social media, serves as an important touchstone for the ongoing debate. With that viewpoint in mind, privacy in today's world is mostly an uphill battle.

It seems among those who commented that there is a consensus here that, as GAO suggested, it is important for lawmakers to make an extra effort on any privacy protection legislation to avoid a potentially overly burdensome one-size-fits-all approach. In this regard, Michael Endler framed the challenge nicely by stating, "Getting anything done will take delicacy."

Tom Murphy did a superb job of laying out many of the questions lawmakers should be asking, and the thorny issues they will be dealing with on the topic of consumer privacy protections and its related challenges.

In GAO's defense it looks like it has been looking into privacy matters regarding technology fairly regularly at least for the past five years and perhaps longer on an intermittent basis based on looking at archives of GAO reports. Granted, the fast pace of the evolution of both social media and wireless devices merit regular assessment of privacy matter for the foreseeable future. As SachinEE writes, "This initiative should not die without having an actual impact."

@ Tom Murphy, you are absolutely right that GAO is at least a decade late in addressing this issue when piles and piles of data have already been collected. It will be a very difficult question to answer what should be done to the data already been collected. Obviously the organizations or websites which collected this data will not let go of this data easily. It will be interesting to see what government can do about it, if at all.

"On the other side are individuals and groups that say a one-size-fits-all approach would be overly burdensome and restrictive. They hold that restrictions on the collection and use of personal data would boost compliance costs, inhibit innovation, and keep consumers from receiving relevant advertising and beneficial products and services." First argument holds some life without any doubt. All-encompassing laws don't work. But why should they be deciding what is "beneficial" for consumers? When consumers don't want these relevant advertisements and beneficial products and services at the cost of their privacy being compromised, why should they be insisting on it?

It is a welcome initiative indeed. At long last we hear something about consumers' privacy vulnerabilities from a significant quarter that might matter a lot at the end of the day. What is desirable now is that Congress take the recommendation of GAO seriously and legislate accordingly and in a thorough manner. This initiative should not die without having an actual impact.

Privacy is a thankless debate. Consumers say they want it but act otherwise. Privacy will never be practical online. The Internet is a surveillance system. Governments won't allow it to be any other way and businesses won't offer privacy services because so few will pay. And why offer "secure email" when that really means "secure until legally otherwise"? That said, we do need some rules of the road to avoid having our data strip-mined and sold over and over.

"[T]here is a real need to give consumers control of their information when it is used for a purpose beyond that for which it was originally provided" vs. "A one-size-fits-all approach would be overly burdensome and restrictive. They hold that restrictions on the collection and use of personal data would boost compliance costs, inhibit innovation, and keep consumers from receiving relevant advertising and beneficial products and services."

I think these two lines cut to the heart of the matter. Like most debates of this kind, lawmakers are going to debate consumer protection against business interests. Given how recent battles of this sort have played out, I'm not optimistic that lawmakers will have any idea how to handle this one (e.g. "It's prehistoric for companies to discriminate on the basis of gender identity/ sexuality" vs. "If we make it illegal for companies to discriminate, it will invite too many lawsuits, which will hurt businesses and cost Americans jobs," or "we have established a consumer proection agency" vs. "but we don't want to confirm its leader"). It's a complicated issue; consumers are not adequately protected, but I agree that sweeping policies and regulations aren't always the best approach either. Getting anything done will take delicacy, but this issue is, unfortunately, one that can be easily hijacked by ideological jingoism. The fact that this topic involves not only individual vs. business, but also technology - something with which lawmakers are generally inept and short-sighted - only makes the outlook that much messier.

I'm afraid the GAO is about a decade late and a bit myopic in its report on consumer privacy. Yes, there are needs for greater protections and that has been obvious since the turn of the century. And yes, it would be nice to see limits on what companies can do, but how would Congress impose those on web publishers outside the US? Another problem: how could anyone (or any government) hope to retrieve or scrap all the consumer information that has already been gathered and collated. There are corporate and government dossiers now on hundreds of millions -- perhaps billions -- of individuals around the globe.

Of course, we don't have to go on this way. The questions are what should we do, and how can we bring everyone together to do it? Any ideas out there?

Cloud adoption is growing, but how are organizations taking advantage of it? Interop ITX and InformationWeek surveyed technology decision-makers to find out, read this report to discover what they had to say!

Is DevOps helping organizations reduce costs and time-to-market for software releases? What's getting in the way of DevOps adoption? Find out in this InformationWeek and Interop ITX infographic on the state of DevOps in 2017.

At its core, digital business relies on strong security practices. In addition, leveraging security intelligence and integrating security with operations and developer teams can help organizations push the boundaries of innovation.